目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CVE-2023-23488 PoC — WordPress Plugin The Paid Memberships Pro SQL注入漏洞

来源
https://github.com/r3nt0n/CVE-2023-23488-PoC
关联漏洞
标题:WordPress Plugin The Paid Memberships Pro SQL注入漏洞 (CVE-2023-23488)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin The Paid Memberships Pro 2.9.8 版本之前存在SQL注入漏洞,该漏洞源于 /pmpro/v1/order 的 code 参数存在 SQL 注入问题。
Description
Unauthenticated SQL Injection - Paid Memberships Pro < 2.9.8 (WordPress Plugin)
介绍
# CVE-2023-23488-PoC
Unauthenticated SQL Injection - Paid Memberships Pro &lt; 2.9.8 (WordPress Plugin)

Running this script against a WordPress instance with Paid Membership Pro plugin
tells you if the target is vulnerable.
As the SQL injection technique required to exploit it is Time-based blind, instead of
trying to directly exploit the vuln, it will generate the appropriate sqlmap command
to dump the whole database (probably very time-consuming) or specific chose data like
usernames and passwords.

Usage example:

```shell
python3 CVE-2023-23488.py http://127.0.0.1/wordpress
```


## References

+ Credits to **Joshua Martinelle**, who discovered the vulnerability
+ ExploitDB link: https://www.exploit-db.com/exploits/51235
+ Vendor Homepage: https://www.paidmembershipspro.com
+ Vulnerable software Link: https://downloads.wordpress.org/plugin/paid-memberships-pro.2.9.7.zip
+ Advisory: https://github.com/advisories/GHSA-pppw-hpjp-v2p9
文件快照

 [4.0K]  /data/pocs/f4378433beb4c557f9dae2b08a76f9935411cbea
├── [2.8K]  CVE-2023-23488.py
└── [ 950]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
    3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →